b'July 31, 2002\nAudit Report No. 02-025\n\n\nDivision of Supervision Implementation\nof Gramm-Leach-Bliley Act Provisions\n\x0c                                     CONTENTS\n\nBACKGROUND                                                                        2\n\n     Gramm-Leach-Bliley Act of 1999                                               2\n     GLBA Titles I, II, and III, Subtitle A                                       2\n     Risks to FDIC and the Bank Insurance Fund                                    4\n     GLBA-Related Activity of State Nonmember Banks                               4\n     FDIC Approach to Addressing GLBA                                             5\n\nRESULTS OF AUDIT                                                                  5\n\nPROCEDURES FOR SHARING INFORMATION WITH THE SEC                                   7\n\n     \xe2\x80\xa2   GLBA \xc2\xa7115. Examination of Investment Companies                           7\n     \xe2\x80\xa2   GLBA \xc2\xa7217. Removal of the Exclusion from the Definition of Investment\n         Adviser for Banks that Advise Investment Companies                       7\n     \xe2\x80\xa2   GLBA \xc2\xa7220. Interagency Consultation                                      8\n     \xe2\x80\xa2   GLBA \xc2\xa7222. Statutory Disqualification for Bank Wrongdoing                8\n\nRecommendation                                                                    9\n\nDOS POLICIES AND PROCEDURES ON \xe2\x80\x9cRELATED ORGANIZATIONS\xe2\x80\x9d                            9\nAND BANK RECORDKEEPING REQUIREMENTS\n\n     DOS Policies and Procedures on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d                       9\n\n            \xe2\x80\xa2    GLBA \xc2\xa7107. Cross Marketing Restriction; Limited Purpose         10\n                 Bank Relief; Divestiture\n            \xe2\x80\xa2    Amended Bank Holding Company Act \xc2\xa74(n) \xe2\x80\x9cAuthority to retain     10\n                 limited non-financial activities and affiliations,\xe2\x80\x9d and \xc2\xa74(o)\n                 \xe2\x80\x9cRegulation of certain financial holding companies\xe2\x80\x9d\n            \xe2\x80\xa2    GLBA \xc2\xa7121(b) \xe2\x80\x9cSections 23A and 23B of the Federal Reserve       11\n                 Act"\n\n     DOS Examination Guidance on Bank Recordkeeping Requirements                 12\n\nRecommendation                                                                   12\n\nDOS INTERNAL DATABASES                                                           13\n\n     Case Administration System, ViSION, and SIMS Databases Should Be            13\n     Revised to Add Fields for Financial Holding Companies\n\n     Changes to Information Systems Based on Rules and Regulations for \xc2\xa7204.     14\n     Information Sharing, Should Be Anticipated\n\nRecommendations                                                                  14\n\x0cCORPORATION COMMENTS AND OIG EVALUATION                       14\n\nAPPENDIX I:     OBJECTIVES, SCOPE, AND METHODOLOGY            19\n\nAPPENDIX II:    GLBA TABLE OF CONTENTS                        21\n\nAPPENDIX III:   STATE NONMEMBER BANK NONINTEREST INCOME       25\n\nAPPENDIX IV:    STATUS OF ITEMS ON THE FDIC \xe2\x80\x9cGLBA CORPORATE   27\n                PROJECT LIST\xe2\x80\x9d\n\nAPPENDIX V:     DOS GUIDANCE ON GLBA SECTIONS THAT REQUIRE    31\n                CHANGES TO EXAMINATION POLICIES AND\n                PROCEDURES\n\nAPPENDIX VI:    CORPORATION COMMENTS                          34\n\nAPPENDIX VII:   SECURITIES AND EXCHANGE COMMISSION            38\n                COMMENTS\n\nFIGURE:         Banks and New GLBA-Type Affiliates             3\n\n\n\n\n                                     2\n\x0c\x0cBanks, Securities Firms, and Insurance Companies; Title II \xe2\x80\x93 Functional Regulation; and Title III \xe2\x80\x93\nInsurance, Subtitle A \xe2\x80\x93 State Regulation of Insurance. 5\n\n\nBACKGROUND\n\nGramm-Leach-Bliley Act of 1999\n\nThe Gramm-Leach-Bliley Act of 1999 impacts the types of financial activities that banks and their\naffiliates can conduct. GLBA also affects how various bank and affiliate activities are regulated and\nexamined. According to the Statement of Managers, H.R. Conference Report 106-434 (1999\nU.S.C.C.A.N. 245, 247), GLBA eliminates many federal and state law barriers to affiliations among\nbanks and securities firms, insurance companies, and other financial services providers. Financial\norganizations are provided flexibility in structuring these new financial affiliations through a holding\ncompany structure or a \xe2\x80\x9cfinancial subsidiary.\xe2\x80\x9d 6 The legislation preserves the role of the FRB as the\n\xe2\x80\x9cumbrella\xe2\x80\x9d supervisor for holding companies but also incorporates a system of \xe2\x80\x9cfunctional\nregulation\xe2\x80\x9d to utilize the strengths of the various federal and state financial supervisors. 7 GLBA\nstipulates that banks may not participate in the new financial affiliations unless they are well\ncapitalized and well managed. The appropriate regulators are given clear authority to address any\nfailure to maintain these safety and soundness standards in a prompt manner.8\n\nIn addition to financial services affiliations and functional regulation, GLBA also has titles or\nsections relating to unitary thrift holding companies, protecting the privacy of consumer financial\ninformation, Federal Home Loan Bank system modernization, automated teller machine fee reform,\nand the Community Reinvestment Act. As noted previously, these titles or sections were not within\nthe scope of our audit.\n\nGLBA Titles I, II, and III, Subtitle A\n\nSafety and soundness concerns stemming from GLBA derive from the increased affiliations among\nbanks, securities firms, insurance companies, and other financial services providers and the revised\n5\n  GLBA\xe2\x80\x99s Table of Contents is provided in Appendix II. The text of GLBA can be found at the Library of Congress Web\nsite for legislative information on the Internet, http://thomas.loc.gov. Refer to Public Law 106-102.\n6\n  \xe2\x80\x9cFinancial subsidiaries\xe2\x80\x9d are bank operating subsidiaries engaged in some of the new financial activities permitted\nfor holding companies and their affiliates.\n7\n \xe2\x80\x9cFunctional regulation\xe2\x80\x9d means that various financial activities should be overseen by the regulator with the\ncorresponding regulatory experience: banking is to be supervised by banking regulators, securities activities by the\nSEC and state regulators, and insurance activities by state insurance regulators.\n8\n  GLBA maintains the FDIC\xe2\x80\x99s authority to examine bank affiliates. \xc2\xa7112. Authority of State Insurance Regulator\nand Securities and Exchange Commission and \xc2\xa7115. Examination of Investment Companies uphold the FDIC\xe2\x80\x99s\nauthority to examine an affiliate of an insured depository institution to determine the nature and effect of the\nrelations. GLBA also maintains the FDIC\xe2\x80\x99s authority to regulate bank subsidiaries. \xc2\xa7114. Prudential Safeguards,\nupholds the FDIC\xe2\x80\x99s authority to impose restrictions or requirements on relationships or transactions between a state\nnonmember bank and a subsidiary that are appropriate to avoid significant risk or other adverse effects such as\nundue concentration of resources, decreased or unfair competition, or conflicts of interest.\n\n\n                                                          2\n\x0cregulatory authorities and structure \xe2\x80\x93 areas that are addressed under GLBA Titles I, II, and III,\nSubtitle A.\n\n        \xe2\x80\xa2    Title I \xe2\x80\x93 Facilitating Affiliation Among Banks, Securities Firms, and Insurance\n             Companies allows bank holding companies to become \xe2\x80\x9cfinancial holding companies\xe2\x80\x9d\n             and expand into a wide variety of services that are \xe2\x80\x9cfinancial in nature.\xe2\x80\x9d Also, banks are\n             allowed to engage in these \xe2\x80\x9cfinancial in nature\xe2\x80\x9d activities through \xe2\x80\x9cfinancial\n             subsidiaries.\xe2\x80\x9d The following figure illustrates the relationship between banks and these\n             new GLBA-authorized affiliates. 9 For both \xe2\x80\x9cfinancial holding companies\xe2\x80\x9d and\n             \xe2\x80\x9cfinancial subsidiaries,\xe2\x80\x9d regulatory safeguards and limitations on activities apply.\n             Title I maintains the FRB\xe2\x80\x99s broad or \xe2\x80\x9cumbrella\xe2\x80\x9d regulatory authority over holding\n             companies and their subsidiaries. Title I also promotes \xe2\x80\x9cfunctional regulation\xe2\x80\x9d by\n             establishing primary regulators that other regulators depend on and consult.\n\n                             Figure: Banks and New GLBA-Type Affiliates\n\n\n\n\n        \xe2\x80\xa2    Title II \xe2\x80\x93 Functional Regulation, affects the securities industry and bank securities-related\n             activities. The broad exemption that banks had from SEC regulation is replaced by more\n             limited exemptions. The SEC and FRB are to work together to establish rules for new\n             hybrid financial products. Banks acting as investment advisers to mutual funds are to\n             register with the SEC. Title II authorizes a new and voluntary \xe2\x80\x9cinvestment bank holding\n             company\xe2\x80\x9d structure, to be supervised by the SEC.\n\n        \xe2\x80\xa2    Title III \xe2\x80\x93 Insurance, Subtitle A \xe2\x80\x93 State Regulation of Insurance, defines the types of\n             insurance activities that banks can engage in and establishes relative responsibilities\n             between federal and state officials for the regulation and examination of insurance\n             activities and affiliations. Like Title II dealing with securities, Title III promotes\n9\n Federal Reserve Act (FRA) \xc2\xa723A(a) Restrictions on Transactions with Affiliates, includes in its definition of\naffiliate, \xe2\x80\x9cany company that controls the member bank and any other company that is controlled by the company that\ncontrols the member bank affiliate\xe2\x80\x9d and \xe2\x80\x9ca bank subsidiary of the member bank.\xe2\x80\x9d FRA \xc2\xa723A also applies to state\nnonmember banks.\n\n\n                                                        3\n\x0c             functional regulation regarding insurance. Title III affirms the historical lead authority of\n             state regulation of the insurance business.\n\nRisks to FDIC and the Bank Insurance Fund\n\nIncreased affiliation between state nonmember banks and other financial services providers engaged\nin expanded financial activities \xe2\x80\x93 in a new functional regulation environment \xe2\x80\x93 poses risks to the\nFDIC and the Bank Insurance Fund:\n\n        \xe2\x80\xa2    The increased number and types of affiliations heighten the risk that an affiliate might\n             access the assets of a bank in violation of federal law and regulations.\n        \xe2\x80\xa2    The need for enhanced communication and coordination in a functional regulation\n             environment increases the risk that some bank activities might not be examined or that\n             results of examinations requiring regulatory action will be slow to be addressed.\n        \xe2\x80\xa2    \xe2\x80\x9cFinancial in nature\xe2\x80\x9d activities undertaken by bank affiliates might be new or complex\n             and difficult to regulate and examine. Large losses could go undetected and continue to\n             mount.\n        \xe2\x80\xa2    New \xe2\x80\x9cfinancial in nature\xe2\x80\x9d activities might have unforeseen potential liabilities which, if\n             realized, might be applied to insured institutions.\n\nGLBA-Related Activity of State Nonmember Banks\n\nFederal Reserve System data indicate that, as of December 31, 2001, the bank holding companies\nof 480 of a total of 4,971 state nonmember banks had elected to become financial holding\ncompanies. 10\n\nConsolidated Report of Condition and Income (Call Report) regulatory capital data indicate that as\nof December 31, 2001, six state nonmember banks reported equity in financial subsidiaries;\nhowever, FDIC\xe2\x80\x99s DOS has subsequently determined that five of these banks misreported and only\none owns a financial subsidiary.\n\nCall Report noninterest income data indicate that, as of December 31, 2001, large numbers of state\nnonmember banks are generating income from activities that may be affected by GLBA regulations\nand examination requirements. For example, from a total of 4,971 state nonmember banks, 1,174 or\n24 percent report income from \xe2\x80\x9cinvestment banking, advisory, brokerage, and underwriting fees and\ncommissions\xe2\x80\x9d \xe2\x80\x93 activities affected by GLBA Title II \xe2\x80\x93 Functional Regulation, Subtitle A \xe2\x80\x93 Brokers\nand Dealers, particularly because it designates the SEC as primary regulator. Also, 2,433 or\n49 percent of state nonmember banks report income from \xe2\x80\x9cinsurance commissions and fees\xe2\x80\x9d \xe2\x80\x93\nactivities that are affected by GLBA Title III \xe2\x80\x93 Insurance, Subtitle A \xe2\x80\x93 State Regulation of\nInsurance.11 Appendix III provides a more complete analysis of noninterest income data.\n\n10\n  We could not assess the overall extent of state nonmember banks\xe2\x80\x99 GLBA-related activities using available data, in\npart because it is difficult to identify non-bank affiliates and aggregate the data.\n11\n  These are not new activities authorized by GLBA. With the possible exception of financial subsidiaries, GLBA\ndoes not authorize new in-house state nonmember bank activities but might affect how they are regulated and\nexamined.\n\n                                                        4\n\x0cFDIC Approach to Addressing GLBA\n\nUpon enactment of GLBA, an FDIC agency-wide meeting was held to assign Divisions\nresponsibility for each section of the law. From this process, a \xe2\x80\x9cGLBA Corporate Project List\xe2\x80\x9d was\ndeveloped. DOS has been assigned multiple sections on the Project List and for many sections\nserves as the lead division. A closeout procedure consisting of an explanation and certification is\nrequired for each GLBA section on the Project List. The Legal Division maintains the list. As of\nMay 2, 2002, 49 of 62 items included on the Project List have been closed out. Appendix IV shows\nthe status of each item on the Project List as of that date. Using a combination of personal contacts,\nthe Federal Register, industry publications, and database search vehicles such as Lexis, the FDIC\nLegal Division monitors other agencies\xe2\x80\x99 GLBA activities, including the issuance of regulations.\nOther agencies usually notify the Legal Division of pending or final action and the Legal Division\nthen notifies DOS.\n\nGLBA sections on the Project List have been assigned to individuals within various DOS sections\nand branches based upon their areas of expertise. Also, DOS created the position of GLBA Project\nCoordinator to monitor and coordinate the Division\xe2\x80\x99s GLBA-related activities.\n\nDOS typically issues examination policies and procedures as Regional Directors Memorandums\n(RD Memos), Examination Documentation Modules (ED Modules), revisions to the Manual of\nExamination Policies, and revisions to the Trust Examination Manual. Consistent with that\napproach, DOS has issued guidance on specific GLBA areas in the form of RD Memos and has\naddressed securities-related issues in amendments to the Trust Examination Manual.\n\n\nRESULTS OF AUDIT\n\nDOS has established coordination arrangements with other federal regulatory agencies through\nworking groups, personal contacts, and monitoring activities. DOS representatives attend periodic\nmeetings of the informal Cross-Sector Regulatory Working Group, consisting of representatives\nfrom each of the financial regulatory agencies. The purpose of the Group is to provide for\ncommunication and increased awareness of each agency\xe2\x80\x99s GLBA-related responsibilities and\nactivities. For state nonmember bank insurance activities, \xe2\x80\x9cInformation Sharing and Confidentiality\nAgreements\xe2\x80\x9d with state insurance commissioners have been developed and are being entered into on\na state-by-state basis.12 As of March 6, 2002, agreements had been completed with 36 states. Also,\nDOS representatives are attending quarterly meetings of the National Association of Insurance\nCommissioners.\n\nDOS and Legal Division personnel have participated in an interagency working group addressing\ninformation sharing with the SEC. However, an information sharing agreement with the SEC\ndating from June 17, 1987 needs to be updated to reflect GLBA considerations. The effect of not\nhaving updated this agreement is that DOS examinations staff do not have current procedures\n\n12\n  The purpose of the Agreements is to facilitate the exchange of examination and other information regarding\ninsurance companies and affiliate depository institutions, as authorized by GLBA \xc2\xa7307. Interagency Consultation.\nThe Agreements cover exchange of information on enforcement actions, consumer complaints, and other\nsupervisory activities.\n\n                                                        5\n\x0cregarding information sharing with the SEC. This is important because GLBA places restrictions\non the examination of bank and affiliate securities activities, as described below. Without\ncurrent procedures, information requests have to be developed and processed on a case-by-case\nbasis.\n\nWith respect to DOS\xe2\x80\x99s updating of policies and procedures to address restrictions and safeguards\nin GLBA, DOS has updated or created related policies and procedures to address most of the\nGLBA sections covered in our review. However, two sources of reference for examiners, the\nManual of Examination Policies and a Supplemental ED Module, have not been updated with\nrespect to guidance on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d to address the issue of bank relations with\naffiliates, including holding companies. The effect of not updating these policies and procedures\nis that examination staff have lacked comprehensive guidance on this aspect of the law.\n\nSEC has not issued final rules for GLBA \xc2\xa7201. Definition of Broker and \xc2\xa7202. Definition of\nDealer, both of which replace the broad exemption banks had from SEC regulation with more\nlimited exemptions. Once final rules are issued, the FDIC and other federal banking agencies\nwill issue rules for \xc2\xa7204. Information Sharing, which requires that recordkeeping requirements\nbe established for banks relying on the limited exemptions contained in \xc2\xa7201 and \xc2\xa7202. DOS is\nwaiting for final regulations on \xc2\xa7204 before issuing guidance in its examination policies and\nprocedures.\n\nAs for the overall timeliness of updating GLBA-related policies and procedures, Appendix V\ncompares when GLBA sections became effective to when guidance was issued. Guidance on\nTitle I has been issued for some sections, while other sections have been partially addressed or\nnot at all. Guidance on Title II has been issued except for bank recordkeeping requirements,\nwhich are dependent on regulations to be issued by SEC. Guidance has been issued for all of\nTitle III, Subtitle A.\n\nWhile FDIC has access to Federal Reserve System data on financial holding companies, DOS\ninformation systems do not currently identify banks that are directly or indirectly engaged in\nGLBA-affected activities. Several internal databases used by DOS to describe bank and holding\ncompany structure information do not identify GLBA-related entities such as financial holding\ncompanies and financial subsidiaries. The DOS databases for bank and holding company\nstructure information also do not include nonbank affiliates such as insurance companies and\nsecurities firms. Not having this information detracts from the ability to assess risk; examine for\ntransactions with affiliates; and, consistent with the premise of functional regulation, coordinate\nwith primary regulators overseeing financial activities corresponding to their areas of expertise.\n\nAlso concerning DOS information systems, the recordkeeping requirements in \xc2\xa7204. Information\nSharing could identify banks engaged in securities-related activities that are exempt from SEC\noversight. This information would be of help in examinations and for coordinating with SEC. Early\nanalysis of \xc2\xa7204. Information Sharing\xe2\x80\x99s impact on DOS information systems is important because of\nthe time requirements to budget project funds and coordinate with other FDIC divisions to\naccomplish system modifications.\n\n\n\n\n                                                 6\n\x0cPROCEDURES FOR SHARING INFORMATION WITH THE SEC\n\nAn agreement has existed since June 17, 1987 establishing procedures for the FDIC to access the\nSEC\xe2\x80\x99s nonpublic information. The agreement has not been updated and broadened to address\ncertain GLBA sections described below. Progress has not been made in revising the agreement\nin part because the SEC has given priority to working with the FRB and the OCC. DOS and\nLegal Division personnel believe that state nonmember bank investment company and\ninvestment adviser activity is minimal and so have given the matter a low priority. The effect of\nnot having updated this agreement is that DOS examinations staff do not have current procedures\nregarding notifications of, and information sharing with, the SEC. Without current procedures,\ninformation requests have to be developed and processed on a case-by-case basis.\n\nProcedures for the exchange of information with the SEC have not been updated to address the\nfollowing GLBA sections:\n\n       \xe2\x80\xa2   GLBA \xc2\xa7115. Examination of Investment Companies\n\n       GLBA \xc2\xa7115. Examination of Investment Companies, prohibits federal banking agencies,\n       including the FDIC, from examining any registered investment company that is not a bank\n       holding company or a savings and loan holding company. It also requires the SEC to\n       provide to any federal banking agency, upon request, the results of any examination, reports,\n       records, or other information with respect to any registered investment company to the extent\n       necessary for the agency to carry out its statutory responsibilities.\n\n       The \xe2\x80\x9cGLBA Corporate Project List\xe2\x80\x9d indicates that \xc2\xa7115 is to be addressed in a\n       memorandum of understanding (MOU) with the SEC. DOS and SEC have not agreed to\n       procedures to address \xc2\xa7115 through an MOU or by other means.\n\n       \xe2\x80\xa2   GLBA \xc2\xa7217. Removal of the Exclusion from the Definition of Investment Adviser\n           for Banks that Advise Investment Companies\n\n       \xc2\xa7217 removes the exclusion of banks from the definition of investment adviser under the\n       Investment Advisers Act of 1940. The effect is that banks performing investment advisory\n       services are now subject to the same SEC regulation as other investment advisers. The\n       section also provides that banks can establish a separately identifiable department (SID) in\n       which such services are performed; the department and not the bank shall be deemed to be\n       the investment adviser and subject to SEC regulation and examination.\n\n       The \xe2\x80\x9cProject List\xe2\x80\x9d states that SEC has not issued rules for \xc2\xa7217, the Section is addressed\n       in the Trust Examination Manual, and no further action is needed. DOS representatives\n       believe that \xc2\xa7217 will affect only state nonmember bank trust departments. However, in\n       our view, investment advisory services provided by a SID might exist separate and\n       outside of a trust department.\n\n\n\n\n                                                 7\n\x0c         \xe2\x80\xa2   GLBA \xc2\xa7220. Interagency Consultation\n\n         \xc2\xa7220. Interagency Consultation, amends the Investment Advisers Act of 1940, adding a\n         new \xc2\xa7210A. Consultation. This new section requires federal banking regulators and the\n         SEC to share the results of any examination, reports, records, or other information\n         regarding the investment advisory activities of any bank, bank holding company, or SID\n         registered as an investment adviser. If the bank has a SID that is a registered investment\n         adviser, GLBA requires the bank regulator to share with the SEC the results of any\n         examination, reports, records or other information regarding the bank.\n\n         The \xe2\x80\x9cProject List\xe2\x80\x9d indicates that work on \xc2\xa7220 has been completed and no further action\n         is needed. DOS\xe2\x80\x99s Trust Examination Manual has been revised to include mention of\n         \xc2\xa7220. However, an MOU between the FDIC and SEC addressing the requirements of\n         \xc2\xa7220 has not been developed to facilitate the exchange of information between the two\n         agencies.\n\n         \xe2\x80\xa2   GLBA \xc2\xa7222. Statutory Disqualification for Bank Wrongdoing\n\n         \xc2\xa7222. Statutory Disqualification for Bank Wrongdoing amends the Investment Company\n         Act of 1940 to include banks as organizations that are disqualified from investment\n         advising if they have been convicted of a felony or misdemeanor or have otherwise been\n         enjoined because of their securities activities.\n\n         The \xe2\x80\x9cProject List\xe2\x80\x9d shows that \xc2\xa7222 has been closed and does not indicate that any action\n         was taken.\n\nBased on the June 17, 1987 agreement between the FDIC and the SEC, DOS issued an RD\nMemo titled, \xe2\x80\x9cAccess to Securities and Exchange Commission\xe2\x80\x99s Nonpublic Information\xe2\x80\x9d (no.\n87-129, dated July 16, 1987). The language of the sample documentation request letters,\nprovided as attachments to the RD Memo, relates to criminal or civil investigations 13 and is not\nclearly applicable to information with respect to any registered investment company (\xc2\xa7115) or\ninvestment adviser (\xc2\xa7217, \xc2\xa7220, and \xc2\xa7222). DOS and Legal Division personnel have\nparticipated in an inter-agency working group addressing information sharing with the SEC.\nDOS and Legal Division personnel have suggested that progress has not been made in revising\nthe agreement to allow the FDIC access to the SEC\xe2\x80\x99s nonpublic information in part because the\nSEC has given priority to working with the FRB and the OCC. DOS and Legal Division\npersonnel believe that state nonmember bank investment company and investment adviser\nactivity is minimal and so have given the matter a low priority.\n\n\n\n\n13\n   The sample documentation request letters contain the verbiage, \xe2\x80\x9cThis request is made in connection with an\nongoing lawful investigation or official proceeding inquiring into a violation of, or failure to comply with, a criminal\nor civil statute or regulation, rule or order issued pursuant thereto, being conducted by [name of requesting agency].\xe2\x80\x9d\n\n                                                           8\n\x0cRecommendation\n\nWe recommend that the Director, DOS:\n\n       (1) In conjunction with the Legal Division and the SEC, develop procedures for\n           information sharing consistent with GLBA \xc2\xa7115. Examination of Investment\n           Companies, \xc2\xa7217. Removal of the Exclusion from the Definition of Investment\n           Adviser for Banks that Advise Investment Companies, \xc2\xa7220. Interagency\n           Consultation, and \xc2\xa7222. Statutory Disqualification for Bank Wrongdoing.\n\n\nDOS POLICIES AND PROCEDURES ON \xe2\x80\x9cRELATED ORGANIZATIONS\xe2\x80\x9d AND BANK\nRECORDKEEPING REQUIREMENTS\n\nThe DOS Manual of Examination Policies and Supplemental ED Module guidance on \xe2\x80\x9cRelated\nOrganizations,\xe2\x80\x9d covering significant areas affected by GLBA, particularly bank relations with\naffiliates, have not been updated. The DOS practice of making comprehensive, as opposed to\npiecemeal, revisions to the Manual of Examination Policies has affected the timing of the update.\nManual of Examination Policies Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d will be revised before the\nSupplemental ED Module on related organizations. The effect of not updating these policies and\nprocedures is that examination staff have lacked comprehensive guidance on examining GLBA\xe2\x80\x99s\nimpact on bank affiliates.\n\nAppendix V compares when GLBA sections became effective to when guidance was issued.\nGuidance on Title I was issued for some sections, while other sections have been partially addressed\nor not at all. (These other sections are described below under DOS Policies and Procedures on\n\xe2\x80\x9cRelated Organizations.\xe2\x80\x9d) Guidance on Title II has been issued except for bank recordkeeping\nrequirements, which are dependent on regulations to be issued by the SEC. (This matter is\ndescribed below under DOS Examination Guidance on Bank Recordkeeping Requirements.)\nGuidance has been issued for all of Title III, Subtitle A.\n\nOnce the SEC issues final rules for GLBA \xc2\xa7201. Definition of Broker and \xc2\xa7202. Definition of\nDealer, both of which replace the broad exemption banks had from SEC regulation with more\nlimited exemptions, the FDIC and other federal banking agencies will issue rules for \xc2\xa7204.\nInformation Sharing, which requires that recordkeeping requirements be established for banks\nrelying on the limited exemptions contained in \xc2\xa7201 and \xc2\xa7202. DOS plans to issue guidance on\n\xc2\xa7204 after final regulations have been issued. Because banks are not being asked to comply until\nfinal regulations are issued, the lack of DOS guidance has no effect.\n\nDOS Policies and Procedures on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d\n\nThe Manual of Examination Policies Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d provides guidance on\nbank holding companies, subsidiaries, and other affiliates. This guidance includes a discussion of\nFederal Reserve Act (FRA) \xc2\xa723A and \xc2\xa723B, which regulate transactions between banks and their\naffiliates. However, Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d has not been revised since August 1999,\nbefore the passage of GLBA in November 1999.\n\n\n                                                 9\n\x0cThe Supplemental ED Module, \xe2\x80\x9cRelated Organizations,\xe2\x80\x9d provides model examination procedures\napplicable to bank holding companies, subsidiaries, and other affiliates. Guidance includes\nconsideration of certain control and performance objectives (i.e., standards) and associated risks.\nSpecific guidance is given to topical areas such as, \xe2\x80\x9cEvaluation of Affiliate Operations,\xe2\x80\x9d and\n\xe2\x80\x9cCompliance with Sections 23A and 23B, Part 362, and Other Applicable Regulations.\xe2\x80\x9d The\n\xe2\x80\x9cRelated Organizations\xe2\x80\x9d ED Module was revised in October 2000 but does not address certain key\naspects of GLBA.\n\nFor example, topics in Section 4.3 and the Supplemental ED Module that are affected by GLBA and\nare not updated include: bank holding companies (GLBA authorizes a new type of holding company,\nthe financial holding company); limited purpose banks; 14 affiliates, including transactions between\nbanks and their affiliates; subsidiaries (GLBA authorizes a new type of subsidiary, the financial\nsubsidiary); and examination authority. Some of these topics have been addressed in RD Memos\n(see Appendix V). However, without updated guidance on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d examination\nstaff do not have readily available and detailed guidance and a risk exists that bank examinations\nmight not consider GLBA\xe2\x80\x99s effects in these areas.\n\nIn addition to general topical areas in \xe2\x80\x9cRelated Organizations\xe2\x80\x9d that are affected by GLBA and should\nbe updated, we identified certain related GLBA sections for which updated guidance is not complete:\n\n        \xe2\x80\xa2    GLBA \xc2\xa7107. Cross Marketing Restriction; Limited Purpose Bank Relief;\n             Divestiture\n\n             GLBA \xc2\xa7107. Cross Marketing Restriction; Limited Purpose Bank Relief; Divestiture,\n             amends restrictions on limited purpose banks and their holding companies and affiliates.\n             DOS has drafted guidance on \xc2\xa7107 but has not finalized and incorporated the changes\n             yet.\n\n        \xe2\x80\xa2    Amended Bank Holding Company Act \xc2\xa74(n) \xe2\x80\x9cAuthority to retain limited non-\n             financial activities and affiliations,\xe2\x80\x9d and \xc2\xa74(o) \xe2\x80\x9cRegulation of certain financial\n             holding companies\xe2\x80\x9d\n\n             GLBA \xc2\xa7103. Financial Activities, subsection (a), amends Bank Holding Company Act\n             (BHCA) \xc2\xa74(n) and \xc2\xa74(o) and places restrictions on companies that are not bank holding\n             companies or foreign banks and that become financial holding companies. The\n             restrictions pertain to cross marketing products between depository institutions and\n             certain affiliates. The restrictions also prohibit depository institutions from engaging in\n             certain specified types of transactions, called \xe2\x80\x9ccovered transactions,\xe2\x80\x9d with nonfinancial\n             affiliates. 15 DOS has determined that an implementation plan is not necessary for\n\n14\n  Limited purpose banks \xe2\x80\x93 also known as nonbank banks or CEBA banks, after the Competitive Equality Banking\nAct of 1987 \xe2\x80\x93 are banks that either make commercial loans or accept demand deposits, but not both, and are insured\nby the FDIC. Companies that own them are not treated as bank holding companies as long as they comply with\ncertain restrictions.\n15\n  Amended BHCA \xc2\xa74(n). \xe2\x80\x9cAuthority to retain limited non-financial activities and affiliations,\xe2\x80\x9d allows a company\nthat is not a bank holding company or a foreign bank and becomes a financial holding company to continue to\nengage in any activity and retain direct or indirect ownership of a company engaged in any activity. Certain\n\n                                                        10\n\x0c             amended BHCA \xc2\xa74(n) and \xc2\xa74(o) because it believes they are a limited part of the statute\n             with no evidence of immediate impact on state nonmember banks. 16 Because GLBA\n             \xc2\xa7103(a) amendments to BHCA \xc2\xa74(n) and \xc2\xa74(o) are not addressed, there is a possibility\n             that examiners may not be aware of these special types of financial holding companies\n             and the restrictions on their depository institutions related to cross marketing and covered\n             transactions.\n\n         \xe2\x80\xa2   GLBA \xc2\xa7121(b) \xe2\x80\x9cSections 23A and 23B of the Federal Reserve Act\xe2\x80\x9d\n\n             GLBA \xc2\xa7121. Subsidiaries of National Banks, subsection (a) In General, authorizes\n             national banks to conduct in \xe2\x80\x9cfinancial subsidiaries\xe2\x80\x9d certain activities that are \xe2\x80\x9cfinancial\n             in nature.\xe2\x80\x9d Similar, but not identical, authorities for owning financial subsidiaries are\n             extended to state (member and nonmember) banks. GLBA \xc2\xa7121(b) \xe2\x80\x9cSections 23A and\n             23B of the Federal Reserve Act,\xe2\x80\x9d requires that the financial subsidiary be treated as an\n             affiliate \xe2\x80\x93 the bank must apply the same limits on transactions with affiliates to its\n             transactions with the financial subsidiary. A number of exceptions and special provisions\n             apply. 17\n\n             DOS has issued an RD Memo, Activities of Insured State Banks and Their Subsidiaries\n             (no. 2001-051, dated November 15, 2001) providing guidance on the implementation of\n             the provisions of GLBA concerning financial subsidiaries of state nonmember banks.\n             The RD Memo states, \xe2\x80\x9cThe state nonmember bank must comply with the amendments to\n             sections 23A and 23B of the Federal Reserve Act made by section 121(b) of the GLBA\n             that require certain ongoing transactional restrictions.\xe2\x80\x9d More detailed guidance is not\n             provided on the \xc2\xa7121(b) limits on transactions because DOS believes examiners will\n\n\nrequirements apply. (See BHCA \xc2\xa7(4)(n)(1)(A-C).) Amended BHCA \xc2\xa7(4)(n)(5). \xe2\x80\x9cCross Marketing Restrictions\nApplicable to Commercial Activities,\xe2\x80\x9d limits the ability of depository institutions to engage in cross marketing with\nnonfinancial subsidiaries of the same financial holding company. Amended BHCA \xc2\xa7(4)(n)(6). \xe2\x80\x9cTransactions with\nNonfinancial Affiliates,\xe2\x80\x9d prohibits depository institutions from engaging in any \xe2\x80\x9ccovered transactions\xe2\x80\x9d with\nnonfinancial affiliates owned by the same holding company. \xe2\x80\x9cCovered transactions\xe2\x80\x9d are: loans to the affiliate;\ninvestments in the affiliate\xe2\x80\x99s securities; most purchases of assets from the affiliate; acceptance of the affiliate\xe2\x80\x99s\nsecurities as collateral for any loan; and guaranteeing in any manner any extension of credit to the affiliate.\nAmended BHCA \xc2\xa74(o) \xe2\x80\x9cRegulation of certain financial holding companies,\xe2\x80\x9d allows a company that is not a bank\nholding company or a foreign bank and becomes a financial holding company to continue to engage in \xe2\x80\x9cactivities\nrelated to the trading, sale, or investment in commodities\xe2\x80\xa6\xe2\x80\x9d Certain requirements apply. Amended BHCA\nsubsection (4)(o)(3) prohibits the cross marketing of products or services between commodities firms and depository\ninstitutions held by the same financial holding company.\n16\n   While likely quite limited, the overall impact of these provisions on state nonmember banks cannot be determined\nbecause the Federal Reserve Board does not explicitly identify these special types of financial holding companies in\nits National Information Center database used by the FDIC for holding company information.\n17\n   FRA \xc2\xa723A and \xc2\xa723B place strict limitations on transactions between banks and affiliates. GLBA \xc2\xa7121(b) applies\nthese same restrictions to transactions between banks and their financial subsidiaries. GLBA \xc2\xa7121(b) makes\nexceptions in amended FRA \xc2\xa723A(e)(3)(A) Exception from Limit on Covered Transactions with Any Individual\nFinancial Subsidiary, and \xc2\xa723A(e)(3)(B) Exception for Earnings Retained by Financial Subsidiaries. Additional\nrestrictions are made in amended \xc2\xa723A(e)(4) Anti-Evasion Provision, which addresses investments in, and\nextensions of credit to, financial subsidiaries by bank affiliates.\n\n\n                                                         11\n\x0c             identify them by reading FRA \xc2\xa723A and \xc2\xa723B directly. 18 However, lack of explicit\n             guidance on the exceptions and special provisions in GLBA \xc2\xa7121(b) (specifically,\n             amendments to FRA \xc2\xa723A(e)(3) Exceptions for Transactions with Financial Subsidiaries\n             and \xc2\xa723A(e)(4) Anti-Evasion Provision, which addresses investments in, and extensions\n             of credit to, financial subsidiaries by bank affiliates) increases the risk that transactions in\n             violation of these sections might not be examined and detected since these detailed\n             provisions are not readily available. State nonmember bank and financial subsidiary\n             transactions with affiliates is an area of risk for GLBA.\n\nThe DOS practice of making comprehensive, as opposed to piecemeal, revisions to the Manual of\nExamination Policies has affected the timing of the Section 4.3 revision. According to DOS staff\nmembers, they do not consider Section 4.3 to warrant priority over other work. The Supplemental\nED Module on related organizations has not been revised because DOS staff wants to revise Section\n4.3 first.\n\nDOS Examination Guidance on Bank Recordkeeping Requirements\n\nDOS is awaiting final regulations before issuing guidance on GLBA \xc2\xa7204. Information Sharing.\n\xc2\xa7204 requires federal banking regulatory agencies, after consultation with the SEC, to establish\nrecordkeeping requirements for banks relying on the exceptions from the definitions of broker\nand dealer contained in \xc2\xa7201. Definition of Broker, and \xc2\xa7202. Definition of Dealer. These\nrecordkeeping requirements must be sufficient to demonstrate compliance with the terms of the\nexceptions. The resultant records are to be made available to the SEC upon request.\n\nThe SEC published interim final rules for \xc2\xa7201 and \xc2\xa7202, effective May 11, 2001, in response to\nthe legislatively imposed implementation date of May 12, 2001. The SEC is not enforcing the\ninterim final rules and plans to reissue proposed rules for public comment. The eventual\nimplementation date for final rules is uncertain. The FDIC and other banking regulatory\nagencies are coordinating with the SEC to issue regulations for \xc2\xa7204. Information Sharing, at or\nnear the time when the SEC issues final regulations for \xc2\xa7201 and \xc2\xa7202. DOS cannot issue\ndetailed guidance on \xc2\xa7204 until final regulations are issued. Because banks have not been asked\nby the SEC to comply with \xc2\xa7201 and \xc2\xa7202 until final regulations are issued, the lack of DOS\nguidance has no effect.\n\nRecommendation\n\nWe recommend that the Director, DOS:\n\n        (2) Expedite comprehensive revisions of Manual of Examination Policies Section 4.3\n            \xe2\x80\x9cRelated Organizations\xe2\x80\x9d and the Supplemental ED Module, \xe2\x80\x9cRelated Organizations,\xe2\x80\x9d\n            to address relevant sections and provisions of GLBA.\n\n\n\n18\n  GLBA \xc2\xa7121(b) limits on transactions were described in an earlier version of the RD Memo, \xe2\x80\x9cActivities of Insured\nState Banks and Their Subsidiaries,\xe2\x80\x9d but the description was dropped when published FDIC regulations included the\namendments to FRA \xc2\xa723A and \xc2\xa723B.\n\n\n                                                       12\n\x0cDOS INTERNAL DATABASES\n\nDOS headquarters has not been identifying banks that are directly or indirectly engaged in\nGLBA-affected activities. Several internal databases used by DOS to describe bank and holding\ncompany structure information do not identify GLBA-related entities such as financial holding\ncompanies and financial subsidiaries. The DOS databases for bank and holding company\nstructure information also do not include nonbank affiliates such as insurance companies and\nsecurities firms. Absent this data, examiners may not be able to fully assess the overall extent of\nGLBA-related activity, identify potential risks related to transactions between banks and their\nfinancial services affiliates, and, consistent with the premise of functional regulation, coordinate\nwith primary regulators overseeing financial activities corresponding to their areas of expertise.\n\nThe bank recordkeeping requirements in \xc2\xa7204. Information Sharing, could identify banks engaged in\nsecurities-related activities that are exempted from SEC oversight. This information would be of\nhelp in examinations and for coordinating with the SEC. The impact of GLBA \xc2\xa7204. Information\nSharing, on DOS information systems should be planned for. Without planning, delays in\ncoordination with other FDIC Divisions and in obtaining the necessary budget authorization could\nresult.\n\nCase Administration System, ViSION, and SIMS Databases Should Be Revised to Add Fields\nfor Financial Holding Companies\n\nAs part of our audit procedures, we reviewed the Case Administration System, Virtual Supervisory\nInformation On the Net (ViSION), and Structure Information Management System (SIMS)\ndatabases maintained and used in-house by DOS to determine whether they identify certain GLBA\nnewly-authorized entities:\n\n       \xe2\x80\xa2   Financial holding companies. GLBA authorizes a bank holding company to elect to\n           become a financial holding company.\n       \xe2\x80\xa2   Financial subsidiaries. GLBA authorizes state nonmember banks to hold an interest in\n           this new type of subsidiary.\n       \xe2\x80\xa2   Separately identifiable departments. GLBA gives banks the option of conducting\n           investment advisory services through a \xe2\x80\x9cseparately identifiable department.\xe2\x80\x9d\n\nOur review determined that the Case Administration System and ViSION do not have fields to\nidentify financial holding companies, financial subsidiaries, or separately identifiable departments.\nSIMS does not have a field to identify financial holding companies. (Because it is intended to\nidentify a bank\xe2\x80\x99s branch system, SIMS does not otherwise identify bank internal structure or\nsubsidiaries.)\n\nAs of December 31, 2001, bank holding companies of 480 of 4,971 state nonmember banks had\nelected to become financial holding companies. As of December 31, 2001, there was one financial\nsubsidiary and one separately identifiable department. In conjunction with other revisions to the\nsoftware programs, DOS internal databases should be revised to add fields for financial holding\ncompanies. The databases should be revised to identify financial subsidiaries and separately\nidentifiable departments depending on whether and when they become more numerous.\n\n                                                  13\n\x0cOur review of DOS databases also included the ViSION Application Tracking System (ViSION\nAT). FDIC Regulations Part 362.E. requires banks to notify the FDIC if they start or acquire a\nfinancial subsidiary. DOS should keep records of these notifications in ViSION AT. We\ndetermined that ViSION AT does not have a field for recording bank notifications of financial\nsubsidiaries and that, for the time being, any such notices received are to be entered into another\nViSION AT field intended for other purposes. DOS plans to add a field for financial subsidiary\nnotifications to ViSION AT as part of a more comprehensive revision.\n\nChanges to Information Systems Based on Rules and Regulations for \xc2\xa7204. Information\nSharing, Should Be Anticipated\n\nAfter the SEC promulgates final rules for GLBA \xc2\xa7201. Definition of Broker and \xc2\xa7202. Definition of\nDealer, both of which replace the broad exemption banks had from SEC regulation with more\nlimited exemptions, the FDIC will issue rules for \xc2\xa7204. Information Sharing, which requires federal\nbanking agencies to establish recordkeeping requirements for banks relying on the limited\nexemptions contained in \xc2\xa7201 and \xc2\xa7202. If this information is not contained in DOS\xe2\x80\x99s internal\ndatabases, its ability to identify banks engaged in certain types of securities-related activities will be\nimpacted. Early analysis of GLBA \xc2\xa7204\xe2\x80\x99s impact on DOS information systems is important because\nof the time requirements for coordinating with the Division of Information Resources Management\nand the need to budget project funds in order to accomplish system modifications.\n\nRecommendations\n\nThe Director, DOS, should:\n\n    (3) In conjunction with other revisions to the software programs, revise the Case\n        Administration System, ViSION, and SIMS databases to add fields for financial holding\n        companies.\n\n    (4) Based on rules and regulations for \xc2\xa7204. Information Sharing, plan for changes to\n        information systems in order to identify banks engaged in activities exempted from SEC\n        regulation.\n\n\nCORPORATION COMMENTS AND OIG EVALUATION\n\nOn July 22, 2002, the Director of DSC provided a written response to the draft report. The response\nis presented in Appendix VI to this report. We also had subsequent discussions with DSC staff to\nclarify aspects of the written response. In addition, because portions of the report mentioned\nactivities of the Securities and Exchange Commission (SEC), we provided a copy of the draft to the\nSEC for review. SEC\xe2\x80\x99s response is presented in Appendix VII and the Commission had no\ncomments.\n\nPrior to responding to each of the report\xe2\x80\x99s four recommendations, DSC stated in its response, \xe2\x80\x9cWe\nanticipate that your final report will clarify that the FDIC is in compliance with all portions of GLBA\nthat required action by the FDIC such as rulemaking or establishing procedures and that the\n\n\n                                                   14\n\x0cexceptions noted in your report are considered technical in nature and should not impact the safety\nand soundness examination of any institution.\xe2\x80\x9d\n\nAs described in Appendix I, our audit objectives, scope, and methodology do not provide for an\noverall conclusion on whether the FDIC is in compliance with all portions of GLBA. The audit\nobjectives addressed DOS\xe2\x80\x99s coordination with other regulatory agencies, updates of policies and\nprocedures, and identification of banks engaged in GLBA activities. The audit procedures were\nlimited to GLBA Titles I, II, and III, Subtitle A. Overall assessments of whether the reported\nexceptions are \xe2\x80\x9ctechnical in nature\xe2\x80\x9d and might \xe2\x80\x9cimpact the safety and soundness examination of any\ninstitution\xe2\x80\x9d are also beyond the scope of this audit. However, throughout the report we acknowledge\nDOS\xe2\x80\x99s many accomplishments in implementing GLBA provisions.\n\nDSC concurred with each of our four recommendations. A summary of each recommendation\nand DSC\xe2\x80\x99s comments follows:\n\nRecommendation 1: In conjunction with the Legal Division and the SEC, develop procedures\nfor information sharing consistent with GLBA \xc2\xa7115. Examination of Investment Companies,\n\xc2\xa7217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that\nAdvise Investment Companies, \xc2\xa7220. Interagency Consultation, and \xc2\xa7222. Statutory\nDisqualification for Bank Wrongdoing.\n\nDSC management concurred with the recommendation. The FDIC has actively attempted to\nestablish a revised Memorandum of Understanding (MOU) with the SEC but the SEC has devoted\nits resources elsewhere and is formulating targeted MOUs where necessary. In DSC\xe2\x80\x99s opinion, the\ncited sections are \xe2\x80\x9cself-executing\xe2\x80\x9d and do not mandate any action or are under the jurisdiction of the\nSEC. DSC\xe2\x80\x99s view is that the information sharing requirements and accompanying procedures have\nbeen addressed in great detail in the revised Trust Manual. According to DSC, there have been no\ninstances where the revised trust examination procedures have been shown to be inadequate.\n\nDSC\xe2\x80\x99s effort to revise the existing 1987 MOU would suggest their belief that an update is necessary.\nThe value of the MOU is to establish procedures for the exchange of information between the SEC\nand FDIC. The information sharing requirements have been addressed in the revised Trust Manual\nbut the procedures should be established and explained in an agreement or other guidance to the\nstaff. Also, as stated in the audit report, some of the affected activities might occur outside of a\nbank\xe2\x80\x99s trust department.\n\nIn subsequent discussions, DSC staff stated that they are constrained from taking further action on\nthis recommendation pending further action by the SEC. However, there might be alternative\nactions available, such as DSC issuing staff guidance on information sharing procedures unilaterally\nor elevating the issue to a higher level of management within the FDIC for resolution. DSC\nmanagement should reconsider its response and reply within 30 days of the issuance of this report.\n\nThis recommendation is unresolved, undispositioned, and open.\n\n\n\n\n                                                 15\n\x0cRecommendation 2: Expedite comprehensive revisions of Manual of Examination Policies\nSection 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d and the Supplemental ED Module, \xe2\x80\x9cRelated\nOrganizations,\xe2\x80\x9d to address relevant sections and provisions of GLBA.\n\nDSC management concurred with the recommendation. According to DSC, most of the items cited\nunder this finding have already been addressed in revisions to DSC\xe2\x80\x99s policies and procedures. Each\nitem is specifically addressed as follows:\n\n       \xe2\x80\xa2   DOS Policies and Procedures on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d\n\n       DSC management states that DOS Manual of Examination Policies Section 4.3 entitled\n       \xe2\x80\x9cRelated Organizations\xe2\x80\x9d was updated February 2002 to include GLBA-related\n       guidance. A decision has been made to update the supplemental ED module on \xe2\x80\x9cRelated\n       Organizations\xe2\x80\x9d when issues related to FRB proposed Regulation W concerning Federal\n       Reserve Act (FRA) \xc2\xa723A and \xc2\xa723B are settled.\n\n       On May 7, 2002 we were informed that the revised Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d was\n       \xe2\x80\x9cin printing.\xe2\x80\x9d As of July 31, 2002 the revised Section 4.3 was not included in the Manual of\n       Examination Policies on DSC\xe2\x80\x99s website.\n\n       The supplemental ED module on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d contains substantial\n       guidance on matters other than FRA \xc2\xa723A and \xc2\xa723B and DSC did not provide a\n       timeframe for when issues related to FRB proposed Regulation W will be settled.\n\n       \xe2\x80\xa2   GLBA \xc2\xa7107. Cross Marketing Restriction; Limited Purpose Bank Relief;\n           Divestiture\n\n       DSC states that this has been addressed in the Manual of Examination Policies Section 4.3\n       \xe2\x80\x9cRelated Organizations\xe2\x80\x9d revision.\n\n       \xe2\x80\xa2   Amended Bank Holding Company Act \xc2\xa74(n) \xe2\x80\x9cAuthority to retain limited\n           nonfinancial activities and affiliations,\xe2\x80\x9d and \xc2\xa74(o) \xe2\x80\x9cRegulation of certain financial\n           holding companies\xe2\x80\x9d\n\n       In consultation with the Legal Division, DSC states that any guidance related to this area\n       should come from the FRB and not the FDIC. In subsequent discussions, however, DSC\n       staff indicated that guidance would be issued pending further action by the FRB.\n\n       Our recommendation was that Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d identify GLBA\xe2\x80\x99s\n       authorization of \xe2\x80\x9ccompanies that are not bank holding companies or foreign banks\xe2\x80\x9d to\n       become financial holding companies and related restrictions pertaining to cross\n       marketing products and covered transactions with depository institutions. We were not\n       recommending the type of interpretive guidance cited in DSC\xe2\x80\x99s response.\n\n\n\n\n                                                16\n\x0c       \xe2\x80\xa2   GLBA \xc2\xa7121(b) \xe2\x80\x9cSections 23A and 23B of the Federal Reserve Act\xe2\x80\x9d\n\n       DSC states that it has chosen not to issue interpretive guidance on FRA \xc2\xa723A and \xc2\xa723B\n       coverage of financial subsidiaries until outstanding issues are resolved with the FRB related\n       to proposed Regulation W affecting transactions between banks and their affiliates. DSC\n       did not provide a timeframe for when issues related to FRB proposed Regulation W will be\n       settled.\n\n       Again, we were not recommending the type of interpretive guidance cited in DSC\xe2\x80\x99s\n       response. Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d guidance on financial subsidiaries could\n       cite the exceptions and special provisions of GLBA \xc2\xa7121(b) - specifically, amendments to\n       FRA \xc2\xa723A(e)(3) Exceptions for Transactions with Financial Subsidiaries and\n       \xc2\xa723A(e)(4) Anti-Evasion Provision, which address investments in, and extensions of credit\n       to, financial subsidiaries by bank affiliates.\n\n       \xe2\x80\xa2   DOS Examination Guidance on Bank Recordkeeping Requirements\n\n       DSC is awaiting final regulations from the SEC before issuing guidance on GLBA \xc2\xa7204.\n       Information Sharing. (The report makes no recommendation concerning this matter.)\n\nDSC management should reconsider its response and reply within 30 days of the issuance of this\nreport. The reply should provide a timeframe for when issues related to FRB proposed Regulation\nW and FRA \xc2\xa723A and \xc2\xa723B will be settled. If the timeframe is unknown or uncertain, then issuance\nof GLBA-related guidance in the supplemental ED module on \xe2\x80\x9cRelated Organizations\xe2\x80\x9d should be\nconsidered. The reply should address when revised Section 4.3 \xe2\x80\x9cRelated Organizations\xe2\x80\x9d will be\nincluded in the Manual of Examination Policies on DSC\xe2\x80\x99s website. DSC should address in the reply\nits reconsideration of whether GLBA\xe2\x80\x99s authorization of \xe2\x80\x9ccompanies that are not bank holding\ncompanies or foreign banks\xe2\x80\x9d to become financial holding companies and related restrictions\npertaining to cross marketing products and covered transactions with depository institutions should\nbe described in the manual. Finally, the reply should address management\xe2\x80\x99s reconsideration of\nwhether guidance on financial subsidiaries could cite the exceptions and special provisions in GLBA\n\xc2\xa7121(b).\n\nThis recommendation is unresolved, undispositioned, and open.\n\nRecommendation 3: In conjunction with other revisions to the software programs, revise the\nCase Administration System, ViSION, and SIMS databases to add fields for financial holding\ncompanies.\n\nDSC management concurred with the recommendation. DSC stated that the Case Administration\nSystem is being converted to become the Case Administration module in ViSION. The new Case\nAdministration module in ViSION will identify information about financial holding company\noperations in the fourth quarter of 2002.\n\n\n\n\n                                                17\n\x0cOn June 30, 2002, SIMS was transferred to the Division of Insurance and Research. A modification\nto SIMS that will, among other things, identify financial holding companies, is planned for the fourth\nquarter of 2002.\n\nThis recommendation is resolved, undispositioned, and open.\n\nRecommendation 4: Based on rules and regulations for \xc2\xa7204. Information Sharing, plan for\nchanges to information systems in order to identify banks engaged in activities exempted from\nSEC regulation.\n\nDSC management concurred with the recommendation. DSC states that changes to information\nsystems for \xc2\xa7204. Information Sharing will be included in the Specialty Examination Tracking\nSystem which is planned for revision in 2003. However, in subsequent discussions DSC said the\nchanges cannot be made until the SEC issues final regulations for \xc2\xa7201. Definition of Broker and\n\xc2\xa7202. Definition of Dealer and the date of those final regulations is uncertain.\n\nBecause of the time requirements for coordinating with the Division of Information Resources\nManagement and the need to budget project funds in order to accomplish system modifications, DSC\nmanagement should reconsider its response and reply within 30 days of the issuance of this report.\nIn its reply, management should address whether the identification of individual depository\ninstitution exemptions from broker and dealer requirements, as provided for in \xc2\xa7201 and \xc2\xa7202, could\nbe achieved based upon a reading of the law and absent final SEC regulations.\n\nThis recommendation is unresolved, undispositioned, and open.\n\n\n\n\n                                                 18\n\x0c                                                                                      APPENDIX I\n                      OBJECTIVES, SCOPE, AND METHODOLOGY\n\nThe audit addressed DOS implementation of GLBA provisions that authorize new affiliations among\nbanks, securities firms, insurance companies, and other financial services providers, or that modify\nregulatory agency authorities. Of GLBA\xe2\x80\x99s seven titles, we focused on the provisions of three that we\ndetermined were most relevant: Title I \xe2\x80\x93 Facilitating Affiliation Among Banks, Securities Firms, and\nInsurance Companies; Title II \xe2\x80\x93 Functional Regulation; and Title III \xe2\x80\x93 Insurance, Subtitle A \xe2\x80\x93 State\nRegulation of Insurance.\n\nThe audit objectives were to determine whether: (1) DOS has established coordination\narrangements for GLBA activities with other regulatory agencies; (2) DOS policies and\nprocedures have been updated to address the restrictions and safeguards in GLBA; and (3) DOS\nis identifying banks that are directly or indirectly engaged in GLBA activities. The audit focused\non DOS headquarters and did not extend to regional office and examiner activities.\n\nWe reviewed GLBA to identify: financial activities and affiliations authorized by the legislation;\nrequirements or qualifications to engage in the financial activities; limitations on transactions and\nother relations between state nonmember banks and their holding companies, affiliates and\nsubsidiaries; authorities specifically granted to the FDIC to examine and regulate; and provisions\nrequiring the FDIC to coordinate with other regulatory agencies. We assessed GLBA sections\nmeeting any of these criteria to determine whether DOS should address them and then reviewed\napplicable DOS guidance, including RD Memos, ED Modules, the Manual of Examination Policies,\nand the Trust Examination Manual.\n\nWe analyzed databases used by DOS for bank and holding company structure information to\ndetermine if they identify GLBA-authorized entities (i.e. financial holding companies, financial\nsubsidiaries, and \xe2\x80\x98separately identifiable departments\xe2\x80\x99). We reviewed the Case Administration\nSystem, Virtual Supervisory Information On the Net (ViSION), and Structure Information\nManagement System (SIMS). We also analyzed ViSION Application Tracking System (ViSION\nAT) which, among other things, is to record bank notifications of starting or acquiring financial\nsubsidiaries.\n\nWe identified Consolidated Reports of Condition and Income (Call Report) schedules providing\nevidence of GLBA-related activities and then obtained Call Report data to assess the extent of such\nactivity. We reviewed various Federal Reserve System regulatory reports and obtained Federal\nReserve System data on bank holding companies to determine how many state nonmember bank\nholding companies have elected to become financial holding companies.\n\nWe reviewed articles and speeches concerning GLBA and its effect on the financial services\nindustry. We analyzed relevant FDIC rules and regulations and DOS policies and procedures (both\ndraft and final). We evaluated the \xe2\x80\x9cGramm-Leach-Bliley Act Corporate Project List\xe2\x80\x9d maintained by\nthe FDIC Legal Division to monitor the status of FDIC actions addressing sections of the law and\ninterviewed DOS and Legal Division management and staff in Washington.\n\n\n\n\n                                                 19\n\x0cThe limited nature of the audit objectives did not require assessing internal management controls.\nWe did not (1) test internal controls, (2) review Government Performance and Results Act\nreporting, (3) test for fraud or illegal acts, (4) test for compliance with laws and regulations, or (5)\ndetermine the reliability of computer-processed data obtained from the FDIC\xe2\x80\x99s computerized\nsystems.\n\nFieldwork was performed from May 2001 through April 2002. The audit was conducted in\naccordance with generally accepted government auditing standards.\n\n\n\n\n                                                    20\n\x0c                         APPENDIX II\nGLBA TABLE OF CONTENTS\n\n\n\n\n         21\n\x0c22\n\x0c23\n\x0c24\n\x0c                                                                                  APPENDIX III\n                 STATE NONMEMBER BANK NONINTEREST INCOME\n\nConsolidated Reports of Condition and Income (Call Report) Schedule RI \xe2\x80\x93 Income Statement, line\nitem 5. Noninterest Income, includes various income-producing activities that might be affected by\nGLBA.\n\nCall Report data for the quarter ended December 31, 2001 identified the following numbers of state\nnonmember banks reporting these various types of noninterest income:\n\nLine 5         Description            No. of SNM       % of SNM          Total          Relevant\n                                     banks (4,971)      banks         ($ millions)       GLBA\n                                                                                       Section (\xc2\xa7)\n  a      Income from fiduciary                  856           17%            2,347        201, 202,\n         activities                                                                        204, 221\n  c      Trading revenue                         56              1              31         202, 204\n  d      Investment banking,                  1,174             24             498        201, 204,\n         advisory, brokerage, and                                                          205, 222\n         underwriting fees and\n         commissions\n  e      Venture capital revenue                 24             0.5             (1)          121\n  f      Net servicing fees                     869              18          1,324 201, 204, 211\n  g      Net securitization income               30             0.6          1,819      201, 204\n  h      Insurance commissions                2,433              49            963 301, 305, 307\n         and fees\n   l     Other noninterest income             4,908             99           8,510\n\n\nGLBA sections that might affect these activities are listed under \xe2\x80\x9cRelevant GLBA Sections (\xc2\xa7).\xe2\x80\x9d\nThe titles of the relevant GLBA sections are:\n\n\xc2\xa7121. Subsidiaries of National Banks\n\xc2\xa7201. Definition of Broker\n\xc2\xa7202. Definition of Dealer\n\xc2\xa7204. Information Sharing\n\xc2\xa7205. Treatment of New Hybrid Products\n\xc2\xa7211. Custody of Investment Company Assets by Affiliated Bank\n\xc2\xa7221. Treatment of Bank Common Trust Funds\n\xc2\xa7222. Disqualification for Bank Wrongdoing\n\xc2\xa7301. Functional Regulation of Insurance\n\xc2\xa7305. Insurance Customer Protections\n\xc2\xa7307. Interagency Consultation\n\nFor certain GLBA sections, having an effect on bank activity is probable. Sections 201 and 202 are\nrelevant because they relate to all bank securities activities \xe2\x80\x93 specifically, whether banks must\nregister with the SEC as brokers or dealers for such activities, with a resultant determination of\n\n                                                25\n\x0cregulatory authority. Section 204 establishes record-keeping requirements in support of bank\nexemptions from having to register with the SEC as brokers or dealers.\n\nSection 301 provides that states (as opposed to the banking agencies) are the functional regulators of\ninsurance. Section 305 establishes insurance customer protections. Section 307 requires that\nbanking agencies and state insurance regulators share supervisory information concerning bank\ninsurance activities.\n\nSections 201, 202, 204, 301, 305 and 307 do not authorize new activities but relate to most, if not\nall, state nonmember bank security and insurance activities.\n\nDue to its nondescript nature, it could not be determined whether \xe2\x80\x9cOther Noninterest Income\xe2\x80\x9d might\nor might not be affected by GLBA. However, it is worth noting that 4,908 or 99 percent of state\nnonmember banks reported $8.5 billion in revenues under this category.\n\nThe data show that substantial numbers of state nonmember banks are involved in financial\nactivities affected by GLBA. This activity is both \xe2\x80\x98in-house\xe2\x80\x99 and includes subsidiaries. GLBA\xe2\x80\x99s\neffect on financial holding companies, bank holding companies, and other bank affiliates is not\nincluded.\n\n\n\n\n                                                 26\n\x0c                                                                           APPENDIX IV\n\n  STATUS OF ITEMS ON THE FDIC \xe2\x80\x9cGLBA CORPORATE PROJECT LIST\xe2\x80\x9d\n                        (as of May 2, 2002)\n\n                                                                    Pending     Items\n GLBA                                                   Action       Items     Awaiting\n Section                   Subject                     Completed   Requiring    Other\n                                                                     FDIC      Agency\n                                                                     Action     Action\nTitle I     Facilitating Affiliation Among\n            Banks, Securities Firms, and\n            Insurance Companies\n103(a)      New affiliations and merchant\n            banking.                                      X\n103(a)      CRA regulations for new activities.           X\n103(a)      Enforcement of qualifications.                X\n103(a)      Grandfather for certain commercial\n            and commodities activities.                   X\n103(b)      CRA requirements to become a\n            financial holding company.                    X\n104         Operation of state law with respect to\n            insurance activities.                         X\n106         Amendment to prohibition on deposit\n            production offices.                                                   X\n107         CEBA bank relief.                             X\n108         Study regarding use of subordinated\n            debt to protect financial system.             X\n109         Study regarding accessibility of small\n            business and farm loans.                                              X\n111(see     Functional regulation.\nalso                                                                              X\n112(b))\n112(a)      Authority of state insurance regulator\n(see also   and SEC.                                                              X\n112(b))\n113 (see    Limitation on actions on FRB.\nalso                                                                              X\n112(b))\n112(b)      Subsidiaries of depository institutions.\n                                                                                  X\n114         Prudential Safeguards.                        X\n115         Examination of investment\n            companies.                                                X\n116         Divestiture Procedures.                       X\n117         FDIC resources.                               X\n\n                                             27\n\x0c                                                                  Pending     Items\n GLBA                                                 Action       Items     Awaiting\n Section                   Subject                   Completed   Requiring    Other\n                                                                   FDIC      Agency\n                                                                   Action     Action\n118         Repeal of savings bank provision of\n            BHCA.                                       X\n121(a),     Subsidiaries of national banks.\n(b), (c)                                                X\n121(d)      Bank Subsidiaries/Section 24/Part\n            362.                                        X\n122         Merchant Banking.                           X\n132         Data Sharing.                               X\nTitle II    Functional Regulation\n201, 202,   Definitions of broker and dealer under\n203, and    Securities Exchange Act, and\n206         registration for certain sales of           X\n            securities offering.\n204         Information sharing.                                    X\n205         New hybrid products.                        X\n211         Investment company assets.                  X\n212         Lending to an affiliated investment\n            company.                                    X\n213         Independent directors.                      X\n214         SEC Disclosure Authority.                   X\n215, 216,   Definition of broker and dealer under\n218, 219    ICA and IAA.                                X\n217         Banks as investment advisors for\n            registered investment companies.            X\n220         Interagency Consultation.                   X\n221         Bank Common Trust Funds.                    X\n222         Disqualification for bank wrongdoing.       X\n231         SEC Supervision.                            X\n241         Consultation.                               X\nTitle III   Insurance\n301, 304,   Functional regulation of insurance\n306, and    activities by State insurance\n307         regulator/preemption standards.             X\n305         Insurance sales consumer protection\n            regulations/consumer grievance              X\n            process.\n307         Interagency consultation between\n            appropriate federal banking agencies        X\n            and state insurance regulators.\nTitle IV    Unitary Savings and Loan Holding\n\n\n                                            28\n\x0c                                                                 Pending     Items\n GLBA                                                Action       Items     Awaiting\n Section                   Subject                  Completed   Requiring    Other\n                                                                  FDIC      Agency\n                                                                  Action     Action\n             Companies\nTitle V      Privacy\n501(a),      Privacy Regulations.\n502-504,                                               X\n509(4),\n(10), (11)\n501(b)     Standards on Information Security.          X\n506        Fair Credit Reporting Act\n           Regulations.                                            X\n507        State Law protection.                       X\n508        Study of information sharing\n           practices.                                                          X\n521-525; Pretext Calling/Administrative\n527        Enforcement.                                X\n526        Report on Efficacy of Remedies.             X\nTitle VI   Federal Home Loan Bank System\n           Modernization\nTitle VI   Federal Home Loan Bank\n           Amendments.                                 X\nTitle VII Other Provisions\nSubtitle A ATM fee disclosures.                        X\n711        CRA Sunshine Regulations.                   X\n712        CRA Small Bank Relief.                      X\n713        FRB study on CRA lending.                   X\n715        Treasury study on the responsiveness\n           to community needs for financial            X\n           services.\n722        Plain language requirement for federal\n           banking agencies\' regulations.              X\n729        Study and report on adapting existing\n           legislative requirements to online          X\n           banking and lending.\n730        Clarification of Source of Strength\n           Doctrine (BNE amendment).                                           X\n731        Interest rates for branches of out-of-\n           state banks.                                X\n735        Stock Loan Limit repealed.                  X\n736        Elimination of SAIF and BIF special\n           reserves.                                   X\n737        Bank officers and directors serving as\n           officers and directors of public                        X\n\n                                          29\n\x0c                                                            Pending     Items\nGLBA                                            Action       Items     Awaiting\nSection                  Subject               Completed   Requiring    Other\n                                                             FDIC      Agency\n                                                             Action     Action\n          utilities.\n739       Conversion of Federal Savings\n          Associations.                                                   X\n740       Grand Jury proceedings.                 X\n\n          Total count:\n   62                                             49          4           9\n\n\n\n\n                                          30\n\x0c                                                                                  APPENDIX V\n              DOS GUIDANCE ON GLBA SECTIONS THAT REQUIRE\n            CHANGES TO EXAMINATION POLICIES AND PROCEDURES\n                          (as of November 30, 2001)\n\n\nWe identified the following GLBA Sections as requiring changes or additions to DOS\nexamination policies and procedures.(i) The date the guidance was issued is listed under the type\nof guidance (i.e., Regional Directors Memorandum (RD Memo), Examination Documentation\nModule (ED Module), Manual of Examination Policies (Exam Manual), and Trust Examination\nManual (Trust Manual)). This chart is intended to show guidance that has been issued, not what\nremains to be done. Not all columns are applicable for each GLBA section listed.\n\n                                                           DOS GUIDANCE\n\n       GLBA Section              Effective   RD Memo          ED         Exam          Trust\n                                  Date       (number)        Module      Manual       Manual\nTitle I \xe2\x80\x93 Facilitating\nAffiliation Among Banks,\nSecurities Firms, and\nInsurance Companies\n103. Financial Activities,\nsubsection (a) In General \xe2\x80\x93\namends Section 4 of the Bank\nHolding Company Act of\n1956 (BHCA):\nBHCA 4(n). Authority to          3-11-00\nretain limited non-financial                        (ii)\nactivities and affiliations.\nBHCA 4(o). Regulation of         3-11-00\ncertain financial holding                           (ii)\ncompanies.\n107. Cross Marketing             3-11-00\nRestriction; Limited Purpose                        (ii)\nBank Relief; Divestiture\n112. Authority of State          3-11-00     1-10-01\nInsurance Regulator and                      (01-002)\nSecurities and Exchange\nCommission\n115. Examination of              3-11-00     1-10-01\nInvestment Companies                         (01-002)\n\n121(a). Financial Subsidiaries   3-11-00     6-26-00\nof National Banks                            (00-037)\n                                                 (iii)\n121(b). Sections 23A and 23B     3-11-00     6-26-00\n\n                                               31\n\x0c         GLBA Section                   Effective      RD Memo            ED            Exam             Trust\n                                         Date           (number)         Module         Manual          Manual\nof the Federal Reserve Act                            (00-037)\n                                                              (iv)\n121(d). Safety and Soundness           3-11-00        6-26-00\nFirewalls for State Banks with                        (00-037)\nFinancial Subsidiaries\nTitle II \xe2\x80\x93 Functional\nRegulation\n201. Definition of Broker              5-12-01              (v)                                       5-23-01\n202. Definition of Dealer              5-12-01              (v)                                       5-23-01\n204. Information Sharing               5-12-01              (vi)                                      5-23-01\n213. Independent Directors             5-12-01                                                        5-23-01\n217. Removal of the                    5-12-01                                                        5-23-01\nExclusion from the Definition\nof Investment Adviser for\nBanks that Advise Investment\nCompanies\n220. Interagency Consultation          5-12-01                                                        5-23-01\n221. Treatment of Bank                 5-12-01                                                        5-23-01\nCommon Trust Funds\n241. Consultation                      11-12-99       8-29-00\n                                                      (00-048)\nTitle III \xe2\x80\x93 Insurance,\nSubtitle A \xe2\x80\x93 State\nRegulation of Insurance\n301. Functional Regulation of          11-12-99       1-10-01\nInsurance                                             (01-002)\n305. Insurance Customer                11-12-99       9-5-01\nProtections                                           (01-035)\n307. Interagency Consultation          11-12-99       1-10-01\n                                                      (01-002)\n                                                      Also,\n                                                      3-29-01\n                                                      (01-016)\n_____________________\n(i) Only GLBA sections requiring DOS guidance for examiners are included in this analysis. Additional GLBA\nsections were included in the audit procedures.\n(ii) DOS has not issued guidance on these GLBA sections. This is cited under the finding, DOS Policies and Procedures\non \xe2\x80\x9cRelated Organizations.\xe2\x80\x9d\n(iii) The DOS RD Memo, \xe2\x80\x9cImplementation of the Provisions of the Gramm-Leach-Bliley Act that Govern the Conduct\nof Financial Activities by Insured State Nonmember Bank Subsidiaries\xe2\x80\x9d (00-037, 6/26/2000) was superceded by\n\xe2\x80\x9cActivities of Insured State Banks and Their Subsidiaries\xe2\x80\x9d (01-051, 11/15/2001).\n(iv) DOS guidance on this GLBA section should provide more detail. This is cited under the finding, DOS Policies and\nProcedures on \xe2\x80\x9cRelated Organizations.\xe2\x80\x9d\n(v) The SEC published interim final rules, without public comment, on May 11, 2001 in response to the legislatively\nimposed implementation date of May 12, 2001. The SEC plans to reissue rules in draft form for public comment and the\neventual implementation date is uncertain. Nonetheless, DOS has addressed these GLBA sections in its updated Trust\n\n\n                                                         32\n\x0cExamination Manual.\n(vi) DOS is continuing to work with other financial regulatory agencies on the development of regulations for this\nsection. However, regulations and internal guidance cannot be issued until the SEC issues final regulations for Sections\n201 and 202. See endnote v.\n\n\n\n\n                                                           33\n\x0c                       APPENDIX VI\n\nCORPORATION COMMENTS\n\n\n\n\n         34\n\x0c35\n\x0c36\n\x0c37\n\x0c                                         APPENDIX VII\n\nSECURITIES AND EXCHANGE COMMISSION COMMENTS\n\n\n\n\n                    38\n\x0c'